How safe is GnuCash?

Securenym.net wroberts at securenym.net
Sat Jan 14 13:31:09 EST 2017 

On point you are correct.  Nothing is safe.  On a computer or otherwise.  Anything can be altered, if one has a mind to do so, whether or not they have legitimate access.  That can be bought, given enough time and money.   However, just as we cannot have perfect and complete safety in life, in accounting, in whatever, we can also provide reasonable, though never absolute assurances of safety, which I think the SQL databases do provide.  With appropriate administrative controls, they are a little closer, but the cost of absolute security is so high that we would never accomplish anything.  Anything built by man can be altered, albeit with difficulty in some cases, with ease in others.  Even if there is extreme physical security.  This too can be compromised given enough time and resource applied.

So, we do our best.  I think for the purposes of accounting, which is what Kai asked about, it is as safe as anything out there, with the SQL implementation.  I do not believe that the question was about, “can this system ever be broken/cracked?” It was:  is gnucash safe enough to be useful (it is, in my opinion), is it safe enough to meet external auditor’s demands (it could be in my opinion but may take a bit of RDB programming to achieve this).  Otherwise, get your checkbook out, because with the criteria listed below, not a single accounting system ever written or to be written will meet them.

To meet your criteria, one would have to disconnect systems from the networks, place them inside a faraday cage with an isolated power supply, and insure that three trusted people are present at all times.  The code would have to be verified on a line-by-line basis, just for starters.  Same with the OS.  Microsoft will be a dismal fail here, but what about the others?  A review of the OS team’s bug and security update databases show there is always one more bug to find and fix.  The expense of operation is enormous, and the cost of gnucash is, well, it’s less than that.  And I think it’s pretty good at what it does do.


> On Jan 14, 2017, at 9:15 AM, Jean-David Beyer <jeandavid8 at verizon.net> wrote:
> 
> On 01/14/2017 09:58 AM, Securenym.net wrote:
>> And that brings up another point.  SQL databases are supposed to have
>> transaction logging as part of their rollback/recovery features.
>> They use this to insure data integrity.  Most of these can be
>> archived and recovered for analysis.  If that is the case, and SQL is
>> used for gnucash, then Kai’s question Is gnucash safe?  can be
>> answered with confidence: Yes.
> 
> It does not seem safe to me. The files (transaction logs, the data
> itself, the indices, ... are all just files and can be edited, altered,
> compromised, ... using tools other than the DB2, Oracle, postgreSQL, ...
> Nothing is safe on a computer if there is not extreme physical security,
> procedural security, withholding of sensitive passwords from even the
> most privileged system administrator. So you must trust him or her. And
> hence, once in a while, you will be wrong.
> 
>> The transaction date and time of any
>> change to the database is written in the logs for any permanent
>> table.  These log files contain enough data that they can be tracked,
>> including a sequence number which will allow an auditor to
>> investigate what changed when.  The ones I’m familiar with  contain
>> transaction id, a checksum, actual data and backup information.
> 
> The black hat team can alter the system clock.
>> 
>> If an sql database is in use, then the database logging and auditing
>> features may very well be the key to satisfying the auditors, with
>> the exception of tying changes to the individual user, but that is
>> easily fixed with appropriate administrative controls —  knowing who
>> has what access to your systems and when. And with at least some
>> DBMS, if the log space is full to capacity, the DBMS will simply
>> complain and not permit any more transactions.
>> 
>> This may be helpful in telling the auditors that yes, gnucash, when
>> using sql is indeed safe.
> 
> If they are naive.
> 
> -- 
>  .~.  Jean-David Beyer          Registered Linux User 85642.
>  /V\  PGP-Key:166D840A 0C610C8B Registered Machine  1935521.
> /( )\ Shrewsbury, New Jersey    http://linuxcounter.net
> ^^-^^ 10:10:01 up 3 days, 18:55, 2 users, load average: 4.18, 4.52, 4.50
> _______________________________________________
> gnucash-user mailing list
> gnucash-user at gnucash.org
> https://lists.gnucash.org/mailman/listinfo/gnucash-user
> -----
> Please remember to CC this list on all your replies.
> You can do this by using Reply-To-List or Reply-All.

More information about the gnucash-user mailing list